package com.opencee.common.security;

import cn.hutool.core.bean.BeanUtil;
import com.alibaba.fastjson.JSONObject;
import com.opencee.common.security.oauth2.CustomJwtTokenServices;
import com.opencee.common.security.oauth2.CustomJwtUserAuthenticationConverter;
import com.opencee.common.security.oauth2.CustomRedisTokenServices;
import com.opencee.common.security.oauth2.CustomUserAuthenticationConverter;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.UnauthorizedUserException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.util.Assert;

import java.util.Collection;
import java.util.Map;

/**
 * 认证信息帮助类
 *
 * @author liuyadu
 */
@Slf4j
public class SecurityHelper {


    /**
     * 获取当前用户ID
     *
     * @return
     */
    public static Long getUserId() {
        SecurityUser user = getUser();
        if (user == null) {
            throw new UnauthorizedUserException("未认证");
        }
        if (user.isClientOnly()) {
            throw new UnauthorizedUserException("缺少用户认证信息");
        }
        return user.getUserId();
    }

    /**
     * 获取客户端ID
     *
     * @return
     */
    public static String getClientId() {
        SecurityUser user = getUser();
        if (user == null) {
            throw new UnauthorizedUserException("未认证");
        }
        return user.getClientId();
    }

    /**
     * 获取用户资料
     *
     * @return
     */
    public static JSONObject getProfile() {
        SecurityUser user = getUser();
        if (user == null) {
            throw new UnauthorizedUserException("未认证");
        }
        return user.getProfile();
    }

    /**
     * 获取认证信息
     *
     * @return
     */
    public static SecurityUser getUser() {
        SecurityUser user = null;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && authentication.isAuthenticated()) {
            Object principal = authentication.getPrincipal();
            if (principal instanceof SecurityUser) {
                user = (SecurityUser) principal;
            }
            if (principal instanceof Map) {
                user = BeanUtil.toBean(authentication.getPrincipal(), SecurityUser.class);
            }
            if (authentication instanceof OAuth2Authentication) {
                OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) authentication;
                OAuth2Request oAuth2Request = oAuth2Authentication.getOAuth2Request();
                if (!oAuth2Authentication.isClientOnly()) {
                    user.setClientId(oAuth2Request.getClientId());
                } else {
                    user.setClientId(oAuth2Request.getClientId());
                    user.setAuthorities(oAuth2Request.getAuthorities());
                }
            }
        }
        return user;
    }
}
